SNMP CVE Database

The Net-SNMP agent daemon (snmpd) contains a command injection vulnerability in the AgentX protocol handling. A malicious AgentX client can inject shell commands that will be executed with the privileges of the snmpd process.

The SNMP protocol implementation in Net-SNMP before 5.8.1.pre1 has a double free that may lead to remote code execution or denial of service via an authenticated user sending crafted packets.

Net-SNMP 5.7.3 through 5.8 has a memory leak in usm_free_usmStateReference via snmp_api.c and snmp_secmod.c when an SNMPv3 GetBulk request is sent.

Net-SNMP 5.7.2.1 and earlier allows remote attackers to obtain sensitive information via a GetBulk request with a large max-repetitions value, which triggers an out-of-bounds read.

SNMP v3 in Cisco IOS and IOS XE does not properly implement the HMAC-SHA-96 authentication method, which makes it easier for remote attackers to obtain read and write access via a brute-force approach to guessing the authentication key.

Net-SNMP 5.7.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted SNMP trap.

The SNMP implementation in Cisco IOS 12.0 through 12.4 allows remote attackers to determine the SNMP community string via crafted SNMP packets that trigger different responses for valid and invalid community strings.

The SNMP v3 implementation in Cisco IOS 12.2 and 12.3 allows remote attackers to bypass authentication and gain read access to the MIB via SNMP packets with modified digest values.